https://8192de7b.documentation-km5.pages.dev/index.htmlCRS DocumentationHugoen-usWed, 18 Feb 2026 22:11:21 +0200https://8192de7b.documentation-km5.pages.dev/1-getting-started/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/1-getting-started/index.htmlhttps://8192de7b.documentation-km5.pages.dev/2-how-crs-works/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/2-how-crs-works/index.htmlDeep dive into core CRS concepts in this chapter.https://8192de7b.documentation-km5.pages.dev/3-about-rules/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/3-about-rules/index.htmlRuleshttps://8192de7b.documentation-km5.pages.dev/4-about-plugins/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/4-about-plugins/index.htmlhttps://8192de7b.documentation-km5.pages.dev/5-advanced-topics/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/5-advanced-topics/index.htmlThe content here doesn’t fit anywhere else just yet. This whole section will probably be reworked and is only temporary.https://8192de7b.documentation-km5.pages.dev/6-development/index.htmlWed, 18 Feb 2026 22:11:21 +0200https://8192de7b.documentation-km5.pages.dev/6-development/index.htmlhttps://8192de7b.documentation-km5.pages.dev/7-known-issues/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/7-known-issues/index.htmlThere are some known issues with CRS and some of its compatible WAF engines. This page describes these issues. Get in touch if you think something is missing. There are still false positives for standard web applications in the default install (paranoia level 1). Please report these on GitHub if and when encountered. False positives from paranoia level 2 and higher are considered to be less interesting, as it is expected that users will write exclusion rules for their alerts in the higher paranoia levels. Nevertheless, false positives from higher paranoia levels can still be reported and the CRS project will try to find a generic solution for them.https://8192de7b.documentation-km5.pages.dev/8-additional-resources/index.htmlMon, 01 Jan 0001 00:00:00 +0000https://8192de7b.documentation-km5.pages.dev/8-additional-resources/index.htmlNote The content on this page may be outdated. We are currently in the process of rewriting all of our documentation: please bear with us while we update our older content. Free and Open-Source Community Help CRS GitHub repository. Open issues for bugs, report false positives, and access the source code. CRS Slack channel. Come and talk to the CRS community. If you don’t have access yet, get your invite here. ModSecurity Users Mailing List (SourceForge): General discussion about ModSecurity. ModSecurity Developers Mailing List (SourceForge): Development discussion about ModSecurity. There is an extended set of tutorials at netnea.com, that introduces the CRS integration and the handling of false positives with great detail. It is worth checking out: Tutorial 6: Embedding ModSecurity Tutorial 7: Including OWASP CRS Tutorial 8: Handling False Positives with OWASP CRS Commercial Help TBD ModSecurity Training Books about ModSecurity ModSecurity Handbook ModSecurity Handbook is “The definitive guide to the popular open source web application firewall”, by Christian Folini and Ivan Ristić. The book is available from Feisty Duck in hard copy or with immediate access to the digital version which is continually updated. Web Application Defender’s Cookbook: Battling Hackers and Defending Users The Web Application Defender’s Cookbook: Battling Hackers and Protecting Users is a book written by previous ModSecurity Project Lead and OWASP ModSecurity Project Lead Ryan Barnett. The book outlines critical defensive techniques to protect web applications and includes example ModSecurity rules/scripts. ModSecurity 2.5 ModSecurity 2.5 is “A complete guide to using ModSecurity”, written by Magnus Mischel. The book is available from Packt Publishing in both hard copy and digital forms.* Apache Security Apache Security is a comprehensive Apache Security resource, written by Ivan Ristic for O’Reilly. Two chapters (Apache Installation and Configuration and PHP) are available as free download, as are the Apache security tools created for the book. Preventing Web Attacks with Apache Preventing Web Attacks with Apache. Building on his groundbreaking SANS presentations on Apache security, Ryan C. Barnett reveals why your Web servers represent such a compelling target, how significant exploits are performed, and how they can be defended against.